Vulnerabilities > Google > Chrome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-28 | CVE-2017-15422 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 6.5 |
| 2018-08-28 | CVE-2017-15420 | Improper Input Validation vulnerability in multiple products Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2018-08-28 | CVE-2017-15419 | Open Redirect vulnerability in multiple products Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | 6.5 |
| 2018-08-28 | CVE-2017-15418 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2018-08-28 | CVE-2017-15417 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 5.3 |
| 2018-08-28 | CVE-2017-15416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | 6.5 |
| 2018-08-28 | CVE-2017-15415 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | 6.5 |
| 2018-05-04 | CVE-2018-10229 | Information Exposure vulnerability in multiple products A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | 4.8 |
| 2018-02-07 | CVE-2017-5124 | Cross-site Scripting vulnerability in multiple products Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | 6.1 |
| 2018-02-07 | CVE-2017-15395 | Use After Free vulnerability in multiple products A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | 6.5 |